joecooper Posted April 20, 2012 Share Posted April 20, 2012 Hi, I have an HTML Area on an admin section of my site. The HTML gets submitted to a MySQL database, but gets parsed using mysql_real_escape_string. The problem i have just noticed, is that upon every edit, it gets parsed again, and again. Here is the code: $updatequery = "UPDATE zen_blog SET content = '" . mysql_real_escape_string($htmlcontent) . "', active=$activate WHERE id = $updateid"; $doupdate = $db->Execute($updatequery); Here is the result: <h2 class=\\"\\\\\\"\\\\\\\\\\\\\\"page_title\\\\\\\\\\\\\\"\\\\\\"\\"> Is it possible to only use it where its needed? Thanks! Joe Quote Link to comment Share on other sites More sharing options...
scootstah Posted April 20, 2012 Share Posted April 20, 2012 You probably have magic quotes on which attempts to automatically escape user input. Try turning it off in the php.ini. Quote Link to comment Share on other sites More sharing options...
joecooper Posted April 21, 2012 Author Share Posted April 21, 2012 If i dont use mysql_real_escape_string, it gives mysql errors. so i dont think it is turned on. Quote Link to comment Share on other sites More sharing options...
litebearer Posted April 21, 2012 Share Posted April 21, 2012 http://docs.simplemachines.org/index.php?topic=479.0 Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 21, 2012 Share Posted April 21, 2012 There's also a magic quotes setting (magic_quotes_runtime) that escapes data when it is retrieved from a database. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.